Remove the htp user firewall exception.

432320fa · Tails developers · 58e1b1a3 · 432320fa
Commit 432320fa authored Oct 01, 2011 by Tails developers
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 14 deletions

config/chroot_local-includes/etc/firewall.conf config/chroot_local-includes/etc/firewall.conf +1 -14

No files found.
--- a/config/chroot_local-includes/etc/firewall.conf
+++ b/config/chroot_local-includes/etc/firewall.conf
@@ -12,18 +12,11 @@
 # Established outgoing connections are accepted.
 [0:0] -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

-# Note: this must run before traffic is dispatched to the lan rule.
-# The htp user is allowed to connect to services listening on the https port...
-[0:0] -A OUTPUT -m owner --uid-owner htp -p TCP --dport https -j ACCEPT
-# ... and to services listening on the domain port.
-[0:0] -A OUTPUT -m owner --uid-owner htp -p TCP --dport domain -j ACCEPT
-[0:0] -A OUTPUT -m owner --uid-owner htp -p UDP --dport domain -j ACCEPT
-
 # Internal network connections are accepted.
 [0:0] -A OUTPUT -d 127.0.0.0/255.0.0.0 -j ACCEPT

 # Local network connections should not go through Tor but DNS shall be
-# rejected - apart for the htp user.
+# rejected.
 [0:0] -N lan
 [0:0] -A lan -p TCP --dport domain -j REJECT
 [0:0] -A lan -p UDP --dport domain -j REJECT
@@ -65,12 +58,6 @@ COMMIT
 # i2p is allowed to do anything it wants to.
 [0:0] -A OUTPUT -m owner --uid-owner i2psvc -j RETURN

-# The htp user is allowed to connect to services listening on the https port...
-[0:0] -A OUTPUT -m owner --uid-owner htp -p TCP --dport https -j RETURN
-# ... and to services listening on the domain port.
-[0:0] -A OUTPUT -m owner --uid-owner htp -p TCP --dport domain -j RETURN
-[0:0] -A OUTPUT -m owner --uid-owner htp -p UDP --dport domain -j RETURN
-
 # .onion mapped addresses redirection to Tor.
 [0:0] -A OUTPUT -d 127.192.0.0/255.192.0.0 -p tcp -m tcp -j REDIRECT --to-ports 9040